<?php
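/**
 * Create a team for a user in a league and register the membership.
 *
 * Nothing happens when the user already has a leagueplayers row for the
 * league. Otherwise a team named "<league name><username>" is inserted with
 * the league's moneylimit/draftlimit as its bank/drafts, the membership row
 * is added, and the league's playerlimit is overwritten with $playerlimit.
 *
 * @param mixed $auid        Id of the joining user (matched against users.id).
 * @param mixed $leagueid    Id of the league (matched against leagues.id).
 * @param mixed $playerlimit Remaining slot count to store on the league.
 * @return void
 */
function createTeam($auid,$leagueid,$playerlimit){
	// The original declared `global $auid` inside the body, which silently
	// replaced the $auid argument with the global. The parameter is now the
	// value every query uses.

	// NOTE(review): $auid and $leagueid are interpolated inside quotes and are
	// only safe if the caller already escaped them (the $_SREQUEST wrapper
	// presumably does, but that code is not visible here) - confirm, or move
	// these queries to prepared statements (mysqli/PDO).
	$member = mysql_query("SELECT * FROM leagueplayers WHERE playerid='$auid' and leagueid='$leagueid'");
	if ($member === false || mysql_num_rows($member)){
		// Lookup failed or the user is already a member: create nothing and do
		// not consume a slot. (The original decremented playerlimit first, so
		// a repeated join used up a slot without adding a player.)
		return;
	}

	$info = mysql_query("SELECT users.username,leagues.name,leagues.draftlimit,leagues.moneylimit FROM leagues,users 
		WHERE leagues.id='$leagueid' AND users.id='$auid'");
	$r = ($info === false) ? false : mysql_fetch_assoc($info);
	if (!$r){
		// Unknown league or user: do not insert a nameless team.
		return;
	}

	// These values come back from the database unescaped, so they must be
	// escaped again before being placed in a new statement (a stored name
	// containing a quote would otherwise alter the INSERT).
	$newname = mysql_real_escape_string($r['name'].$r['username']);
	$bank = mysql_real_escape_string($r['moneylimit']);
	$drafts = mysql_real_escape_string($r['draftlimit']);

	// '1602' fills every roster slot; presumably a placeholder player id - confirm.
	$insertTeam = "INSERT INTO teams (owner,lw,ce,rw,ld,rd,gk,name,bank,drafts) 
		VALUES('$auid','1602','1602','1602','1602','1602','1602','$newname','$bank','$drafts')";
	if (!mysql_query($insertTeam)){
		return;
	}
	// Read the generated team id immediately, before any other statement runs.
	$teamid = (int) mysql_insert_id();

	// NOTE(review): without a transaction a failure here leaves an orphan team row.
	if (!mysql_query("INSERT INTO leagueplayers (playerid, leagueid,teamid) VALUES ('$auid', '$leagueid', '$teamid' )")){
		return;
	}

	// Store the new remaining-slot count only once the player has really been added.
	// NOTE(review): the caller computes this value from an earlier read, so two
	// concurrent joins can both pass the capacity check; an atomic
	// "playerlimit = playerlimit - 1 ... AND playerlimit > 0" update would close that gap.
	$remaining = (int) $playerlimit;
	mysql_query("UPDATE leagues SET playerlimit='$remaining' WHERE id='$leagueid'");
}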

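/**
 * Handle a request by the current user to join a league.
 *
 * Only POST requests from a validated session ($valid) are processed. The
 * league's securitylevel decides who may join:
 *   1 - any validated user;
 *   2 - only users with a friends row linking them to the league owner;
 *   3 - only users with a leagueinvites row for this league.
 * On success createTeam() is called and a 200 status is sent.
 *
 * Reads $_SREQUEST['leagueid'] and the globals $auid / $valid.
 *
 * @return void
 */
function joinleague(){
	global $_SREQUEST;
	global $auid,$valid;

	if (!$valid){
		header("HTTP/1.0 401");
		return;
	}
	if ($_SERVER['REQUEST_METHOD']!="POST"){
		return;
	}

	// NOTE(review): quoted interpolation of $leagueid / $auid below relies on
	// the $_SREQUEST wrapper having escaped the value upstream - confirm, or
	// switch to prepared statements.
	$leagueid = isset($_SREQUEST['leagueid']) ? $_SREQUEST['leagueid'] : '';

	$result = mysql_query("SELECT * FROM leagues WHERE id='$leagueid'");
	$r = ($result === false) ? false : mysql_fetch_assoc($result);
	if (!$r){
		// Unknown league: previously this fell through with an empty 200.
		header("HTTP/1.0 404 NOT FOUND");
		return;
	}

	$playerlimit = $r['playerlimit']-1;
	if ($playerlimit < 0){
		// League is full. The original sends no explicit status here; kept as is.
		return;
	}

	$level = (int) $r['securitylevel'];
	if ($level === 1){
		createTeam($auid,$leagueid,$playerlimit);
		header("HTTP/1.0 200 OK");
	}else if ($level === 2){
		// The owner id was read from the database, so escape it before reuse.
		$owner = mysql_real_escape_string($r['owner']);
		$friends = mysql_query("SELECT * FROM friends WHERE (f1='$auid' OR f2='$auid') 
					AND (f1='$owner' OR f2='$owner')");
		if ($friends !== false && mysql_num_rows($friends)){
			createTeam($auid,$leagueid,$playerlimit);
			header("HTTP/1.0 200 OK");
		}else{
			header("HTTP/1.0 401");
		}
	}else if ($level === 3){
		// These two values sat unquoted in the statement, where string escaping
		// gives no protection; force them to integers for the numeric context.
		$invite = mysql_query("SELECT * FROM leagueinvites WHERE userid=".(int)$auid." AND leagueid=".(int)$leagueid);
		if ($invite !== false && mysql_fetch_assoc($invite)){ // the user holds an invite for this league
			createTeam($auid,$leagueid,$playerlimit);
			// Sent for consistency with the other success paths.
			header("HTTP/1.0 200 OK");
		}else{
			header("HTTP/1.0 404 NOT FOUND");
		}
	}
}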

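/**
 * Create, update or list leagues depending on the request method.
 *
 * POST (validated session only):
 *   - no league matches the given name or id: insert a new league owned by
 *     the current user and create the owner's team;
 *   - the league with the given id exists and is owned by the current user:
 *     update its name (from `newname`), description, playerlimit and
 *     securitylevel;
 *   - anything else: 400.
 * GET:
 *   - count=true: print {"count":"N"} for the filtered leagues;
 *   - $auid set: print the leagues the current user plays in;
 *   - otherwise: print a filtered, sorted, paged list of leagues.
 *
 * Reads its inputs from $_SREQUEST and the globals $auid / $valid.
 *
 * @return void
 */
function league(){
	global $_SREQUEST;
	global $auid,$valid;

	// Read every expected field, defaulting to null when it is absent.
	$in = array();
	$fields = array('id','name','owner','moneylimit','draftlimit','playerlimit','sortby',
		'order','startat','shownr','count','description','securitylevel','newname');
	foreach ($fields as $key){
		$in[$key] = isset($_SREQUEST[$key]) ? $_SREQUEST[$key] : null;
	}
	$id = $in['id'];
	$name = $in['name'];
	$owner = $in['owner'];
	$moneylimit = $in['moneylimit'];
	$draftlimit = $in['draftlimit'];
	$playerlimit = $in['playerlimit'];
	$sortby = $in['sortby'];
	$order = $in['order'];
	$startat = $in['startat'];
	$shownr = $in['shownr'];
	$count = $in['count'];
	$description = $in['description'];
	$securitylevel = $in['securitylevel'];
	$newname = $in['newname'];

	// NOTE(review): every quoted '$value' below relies on the $_SREQUEST wrapper
	// having escaped the value upstream (not visible here) - confirm, or move
	// to prepared statements. Values are deliberately not escaped a second
	// time, to avoid corrupting stored text.

	if ($_SERVER['REQUEST_METHOD']=="POST"){
		if ($valid){
			$result = mysql_query("SELECT * FROM leagues WHERE name='$name' OR id='$id'");
			if ($result === false){
				// A failed lookup used to be treated as "no such league".
				header("HTTP/1.0 400 BAD REQUEST");
			}else{
				// The lookup can match one league by name and another by id.
				// Find the row whose id is the one the UPDATE will target, so
				// the ownership check is made against that league.
				$matches = 0;
				$target = null;
				while ($row = mysql_fetch_assoc($result)){
					$matches++;
					if ($row['id'] == $id){
						$target = $row;
					}
				}

				if ($matches == 0){
					/* create a new league */
					$query = "INSERT INTO leagues (name, description, moneylimit, draftlimit, playerlimit, securitylevel, owner) 
				VALUES ('$name' , '$description' , '$moneylimit' , '$draftlimit' , '$playerlimit' ,'$securitylevel' , '$auid')";
					$result = mysql_query($query);
					// mysql_affected_rows() is -1 on failure, which is truthy;
					// require a positive count before reporting success.
					$created = ($result && mysql_affected_rows() > 0)
						? mysql_query("SELECT * FROM leagues WHERE name='$name'")
						: false;
					$tmp = ($created === false) ? false : mysql_fetch_assoc($created);
					if ($tmp){
						// The owner takes the first slot of the new league.
						$playerlimit = $playerlimit-1;
						createTeam($auid,$tmp['id'],$playerlimit);
						header("HTTP/1.0 200 OK");
					}else{
						header("HTTP/1.0 400 BAD REQUEST");
					}
				}else if ($target !== null AND $target['owner']==$auid){
					/* update an existing league by id; all data must be provided */
					// The owner condition is repeated in the WHERE clause so the
					// statement itself cannot touch a league of another user.
					$query="UPDATE leagues SET name='$newname' , description='$description' , playerlimit='$playerlimit',
				securitylevel='$securitylevel' WHERE id='$id' AND owner='$auid'";
					$result = mysql_query($query);
					header("HTTP/1.0 200 OK");
				}else{
					header("HTTP/1.0 400 BAD REQUEST");
				}
			}
		}else{
			header("HTTP/1.0 401 UNAUTHORIZED");
		}
	}

	/* view leagues */
	if ($_SERVER['REQUEST_METHOD']=="GET"){
		// Optional equality filters; a filter is skipped when its value is falsy.
		$where="WHERE 1 ";
		if ($id){
			$where.=" AND id='".$id."'";
		}
		if ($name){
			$where.=" AND name='".$name."'";
		}
		if ($owner){
			$where.=" AND owner='".$owner."'";
		}
		if ($moneylimit){
			$where.=" AND moneylimit='".$moneylimit."'";
		}
		if ($draftlimit){
			$where.=" AND draftlimit='".$draftlimit."'";
		}
		if ($playerlimit){
			$where.=" AND playerlimit='".$playerlimit."'";
		}

		// ORDER BY takes an identifier and a keyword, which cannot be quoted or
		// escaped like a value, so only known column names and ASC/DESC pass.
		$sortable = array('id','name','description','moneylimit','draftlimit','playerlimit','securitylevel','owner');
		$sortby2 = "name";
		if (isset($_GET['sortby']) && in_array($sortby, $sortable, true)){
			$sortby2 = $sortby;
		}
		$order2 = "ASC";
		if (isset($_GET['order']) && strtoupper((string) $order) === "DESC"){
			$order2 = "DESC";
		}

		if ($count=="true"){
			$result = mysql_query("SELECT * FROM leagues $where");
			$count = ($result === false) ? 0 : mysql_num_rows($result);
			print '{"count":"'.$count.'"}';
		}else{
			// LIMIT operands are numeric and unquoted: force them to
			// non-negative integers, with the original defaults (0 and 30).
			$startat = max(0, (int) $startat);
			$shownr = (int) $shownr;
			if ($shownr <= 0){
				$shownr = 30;
			}

			$rows = array();
			if (isset($auid)){
				// Leagues the current user plays in; the filters above are not applied here.
				$result = mysql_query("SELECT * FROM leagueplayers WHERE playerid='$auid'");
				while ($result !== false && ($r1 = mysql_fetch_assoc($result))){
					// Ids read back from the database are escaped before reuse.
					$lid = mysql_real_escape_string($r1['leagueid']);
					$result3 = mysql_query("SELECT * FROM leagues WHERE id='$lid'");
					while ($result3 !== false && ($r2 = mysql_fetch_assoc($result3))){
						// NOTE(review): this matches leagueplayers.teamid against a
						// league id - possibly meant to be leagueid; confirm.
						$tid = mysql_real_escape_string($r2['id']);
						$result2 = mysql_query("SELECT * FROM leagueplayers WHERE teamid='$tid'");
						$tmp = ($result2 === false) ? false : mysql_fetch_assoc($result2);
						$r2['league'] = $tmp ? $tmp['leagueid'] : null;
						$rows[] = $r2;
					}
				}
			}else{
				$result = mysql_query("SELECT * FROM leagues $where ORDER BY $sortby2 $order2 LIMIT $startat , $shownr");
				while ($result !== false && ($r = mysql_fetch_assoc($result))){
					// NOTE(review): same teamid-versus-league-id lookup as above; confirm.
					$tid = mysql_real_escape_string($r['id']);
					$result2 = mysql_query("SELECT * FROM leagueplayers WHERE teamid='$tid'");
					$tmp = ($result2 === false) ? false : mysql_fetch_assoc($result2);
					$r['league'] = $tmp ? $tmp['leagueid'] : null;
					$rows[] = $r;
				}
			}
			print json_encode($rows);
		}
	}
}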
?>